Last May, I wrote about a remote password disclosure vulnerability I
found in a proprietary protocol used to control ~150 different low-end
IP cameras. The exploit I wrote was tested on the Rosewill RXS-3211,
a rebranded version of the Edimax IC3005. The vulnerability remained
unpatched in the RXS-3211 until July ...

Today's post is kind of long, so I thought I should warn you in advance
by adding an additional paragraph for you to read. I also wanted to
provide download links for those who'd rather just read the code. It
isn't the cleanest code in the world ...

This is a short post documenting the vulnerability I inadvertently found
yesterday in the 1 Flash Gallery plugin, which has since been
patched. This plugin has been downloaded an estimated 460,000 times, and
as of yesterday was ranked by WordPress as the 17th most popular plugin
(although I'm ...

Updates in this Release

So after a ridiculously long period of procrastination, I finally got
around to updating Sergio Proxy to make it remotely usable. I was never
very happy with how the initial code turned out, but given that it was
hacked out in a couple days just to ...

When I first started on this post, I intended to write about some fun
things one can do with a $30 Rosewill IP camera (RXS-3211). While I
still intend to do this in the near future, I decided instead to
document an interesting password disclosure vulnerability I found that
appears ...

Well, here we are, about three months since I initially released
d0z.me, and I've finally gotten away from school and life for a bit
this week and updated it. However, I think it was definitely worth the
wait. You can grab the code over at d0z.me's ...

This post documents an XSS vulnerability that I discovered in the
default Gmail app (v1.3) provided by Google in Android 2.1 and prior.
All versions included in Android up to and including 2.1 seem to be
affected, but the bug was unintentionally patched in Froyo (2.2 ...

This post documents an XSS vulnerability I discovered in the event
tracking functionality provided by Google Analytics. Given a website's
Google account number (which can be found in the site source), one could
spoof specially crafted events that, when clicked in the administrative
interface, would run arbitrary JavaScript in ...